1. Field of the Invention
Embodiments generally relate to a method and apparatus for implementing a sandbox architecture and, more particularly, to a method and apparatus for reverse patching of application programming interface (API) calls in a sandbox environment.
2. Description of the Related Art
There is an increasing need for computer applications to provide more and more features to today's user. Applications are often expected to interact with a variety of content including locally hosted content, remotely hosted content, and a variety of different file types, extensions, and formats. In order to provide these and other features, applications have become more and more complex, with larger and large code bases. Such code bases result in an increased burden on the programmer to eliminate potential security risks to prevent malicious users from unauthorized access.
One method of providing such an application while minimizing the risk of unauthorized access is to execute the application in a reduced privilege environment, a so-called “sandbox.” When executed in a sandbox, the application is unable to interact with secure system resources that exist outside the sandbox. As such, the sandbox dramatically reduces the impact of a potential security breach. However, many applications require access to resources outside the sandbox to execute properly. One method of allowing controlled access to these external resources is via a “broker process.” A broker process is an element of the application that exists in a higher privilege state to facilitate the operation of particular functions of the application. In other words, the broker process exists outside the sandbox. The broker process typically has a smaller code base than the application and the broker has been thoroughly tested for security breaches. However, performing operations through the broker process has disadvantages, particularly when accessing system application programming interface (API) function calls. Therefore, there is a need in the art for an improved method and apparatus for executing API calls for applications existing within a sandbox environment.